Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.
SafeBreach Labs security researcher Or Yair discovered several vulnerabilities that allowed him to turn endpoint detection and response (EDR) and antivirus (AV) products into wipers.
Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors.
On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.
A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app.
Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion.
A newly observed botnet capable of self-replicating and self-propagation is targeting multiple Internet of Things (IoT) vulnerabilities for initial access, cybersecurity solutions provider Fortinet warns.
Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.